openstack的四大服务组件及openstack环境搭建
opensatck的虚拟机建立流程图
html
一.openstack的四大服务及组件功能
1.keystone认证服务的一些概念
1)User:
使用openstack的用户
2)Role:
给用户添加到一个角色中,给予此用户操做权限
3)Tenant:
人、项目或组织拥有的资源合集,一个租户下有多个用户,能够给用户权限划分来使用租户中的资源
4)TOken:
密令,口令,keystone认证将token口令返回到浏览器,即在一段时间免秘钥登陆,功能相似与cookie 会话保持,但又不一样于cookie,cookie记录浏览器的登陆信息,不能分配用户访问权限;token保存了用户认证信息, 与用户权限相关。
2.glance镜像服务的组件及功能
1)glance-api
接收镜像的删除、上传和读取
2)glance-registry
负责与mysql数据库的交互,用于存储和获取镜像的元数据,在数据库中用于存储镜像信息的两张表image表 和image-property表 image表:用于存放镜像文件的格式、大小等信息 image-property表:用于存放镜像文件定制化信息
3)image-store
镜像的保存与读取的接口,仅仅是一个接口
4)注意
glance服务不须要配置消息队列,但要配置keystone认证和数据库
3.nova配置虚拟机服务的组件及功能(openstack最先组件之一)
1)nova-api
接收和响应外部请求,将接收到的请求经过消息队列发送给其余服务组件
2)nova-compute
建立虚拟机,是经过libvirt来调用kvm模块建立虚拟机,nova分为控制节点和计算节点,nova之间经过 消息队列进行通讯
3)nova-schdule
是用来调度建立虚拟机所需的物理机
4)nova-palcement-api
监控提供者的库存和使用量,如跟踪计算节点资源存储池的使用量、ip的分配等状况,配合schdule实现物理机的调度
5)nova-conductor
计算节点访问数据库时的中间件,即当nova-compute须要获取或更新数据库中的实例信息,不会直接访问数据库,而 是经过conductor来访问数据库,当在较大的集群环境中时,须要横向扩展conductor,但不要扩展在计算节点上
6)nova-novncproxy
VNC代理,用来显示虚拟机操做终端的界面
7)nova-medata-api
接收虚拟机的元数据请求
4.neutron网络服务的一些组件和功能(之前叫作nova-network,已改名为netron)
1)分为自服务网络和提供者网络
自服务网络:能够本身建立网络,用虚拟路由器链接外网,此网络类型使用极少 提供者网络:虚拟机网络桥接到物理机网络,且必须和物理机在同一网络段,大多数都选择此网络类型
2)neutron-server
对外提供openstack的网络API,接收请求,并调用插件
3)plugin
处理neutron-server接收的请求维护逻辑网络状态并调用agent处理请求
4)neutron-linuxbridge-agent
处理plugin请求,确保网络提供者实现各类网络功能
5)消息队列
neutron-server、agent、plugin它们之间是经过消息队列来进行通讯和调用的
6)网络提供者
提供虚拟网络或物理网络设备,例如linux-bridge、支持neutron服务的物理交换机, 其网络、子网、端口、路由等信息都存放在数据库中
二.环境准备(全部节点centos7.2版本)
1.controll-node控制节点
1)网卡
eth0:192.168.1.10/24
eth1:192.168.23.100/24
2) 须要的包:
python-openstackclient #openstack的客户端链接包
python2-PyMySQL #链接数据库包
mariadb #用于mysql数据库链接测试的客户端
python-memcached #链接memcached数据包
openstack-keystone #认证服务包
httpd
mod_wsgi #httpd的模块包
openstack-glance #镜像服务包
openstack-nova-api #接收和响应外部请求包
openstack-nova-conductor
openstack-nova-console
openstack-nova-novncproxy
openstack-nova-scheduler
openstack-nova-placement-api
openstack-neutron
openstack-neutron-ml2 #二层模块插件
openstack-neutron-linuxbridge
ebtables
openstack-dashboard
2.compute-node计算节点
1)网卡
eth0:192.168.1.10/24
eth1:192.168.23.201/24
2) 须要的包:
python-openstackclient
openstack-nova-compute
openstack-neutron-linuxbridge
ebtables
ipset
3.mysql-node数据库节点
1)网卡
eth0:192.168.1.41/24
2) 须要的包:
python-openstackclient
mariadb
mariadb-server
rabbitmq-server
memcached
4.实验前必须关闭的功能和开启的功能,避免实验没法进行
1)防火墙要禁用
2)NetworkManager要禁用:会致使没法bond网卡和桥接网卡不能生效
3)selinux必定要禁用:可能会致使网络不通的问题
4)开启chrony时钟同步,保持全部节点时间同步,避免控制节点找不到计算节点而报错致使实验没法进行
三.openstack的搭建过程(openstack的ocata版本)
1.准备openstack仓库及一些软件包的安装
1)分别在controll-node和compute-node安装openstack仓库
~]#yum install centos-release-openstack-ocata -y
2)在全部节点安装openstack客户端:
~]#yum install python-openstackclient -y
3)controll-node控制节点安装数据库链接包:
用于链接memcached数据的包 ~]#yum install python-memcached -y 用于链接mysql数据库的包 ~]#yum install python2-PyMySQL -y 安装mysql数据库客户端用于远程测试链接 ~]#yum install mariadb -y
4)mysql-node节点安装mysql数据库、消息队列、memcached等
安装mysql数据库:
~]#yum install mariadb mariadb-server -y
配置mysql数据库的配置文件:
~]#vim/etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.1.41
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
…………
~]#vim/etc/my.cnf
……
[mysqld]
bind-address = 192.168.1.41
……
启动mysql服务:
systemctl enable mariadb.service && systemctl start mariadb.service
执行数据库安全安装命令,删除匿名用户以及无密码登陆,确保数据库安全
~]#mysql_secure_installation
安装消息队列rabbitmq:
~]# yum install rabbitmq-server -y
~]#systemctl enable rabbitmq-server.service && systemctl start rabbitmq-server.service
~]#rabbitmqctl add_user openstack openstack #添加 openstack用户
~]#rabbitmqctl set_permissions openstack ".*" ".*" ".*" #容许读写权限
安装memcached数据库:
~]#yum install memcached -y
~]#vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,192.168.1.41"
~]#systemctl enable memcached.service && systemctl start memcached.service
2.认证服务keystone的部署
1)mysql-node节点建立keystone数据库以及keystone受权用户
MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone'
2)controll-node安装认证服务相关的包并配置认证服务配置文件
~]#yum install openstack-keystone httpd mod_wsgi -y
~]# vim /etc/keystone/keystone.conf
[database]
# ...
connection = mysql+pymysql://keystone:keystone@192.168.1.41/keystone #指明链接的数据库
[token]
# ...
provider = fernet
3)controll-node执行keystone的一些初始化命令
~]#su -s /bin/sh -c "keystone-manage db_sync" keystone #同步数据到数据库中 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 初始化fernet ~]#keystone-manage credential_setup --keystone-user keystone --keystone-group keystone #初始化证书 引导启动keystone服务: ~]#keystone-manage bootstrap --bootstrap-password keystone --bootstrap-admin-url http://192.168.23.100:35357/v3/ --bootstrap-internal-url http://192.168.23.100:5000/v3/ --bootstrap-public-url http://192.168.23.100:5000/v3/ --bootstrap-region-id RegionOne 编辑httpd配置文件: ~]#vim /etc/httpd/conf/httpd.conf ServerName 192.168.23.100 建立软链接: ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 启动http的服务: ~]#systemctl enable httpd.service && systemctl start httpd.service 声明openstack管理员帐号及密码等: ~]#export OS_USERNAME=admin ~]# export OS_PASSWORD=keystone ~]# export OS_PROJECT_NAME=admin ~]# export OS_USER_DOMAIN_NAME=Default ~]# export OS_PROJECT_DOMAIN_NAME=Default ~]# export OS_AUTH_URL=http://192.168.23.100:35357/v3 ~]# export OS_IDENTITY_API_VERSION=3
4)在controll-node建立域名、项目等
建立一个service项目: ~]#openstack project create --domain default --description "Service Project" service 建立一个demo项目: ~]#openstack project create --domain default --description "Demo Project" demo 建立一个demo用户: ~]#openstack user create --domain default --password-prompt demo 建立一个user角色: ~]#openstack role create user 将demo用户添加到demo项目中并授予user角色的权限: ~]#openstack role add --project demo --user demo user 编辑keystone-paste.ini配置文件,移出掉如下[….]section中的admin_token_auth选项,为安全不启用临时帐户 ~]#vim /etc/keystone/keystone-paste.ini remove 'admin_token_auth' from the [pipeline:public_api],[pipeline:admin_api], and [pipeline:api_v3] sections. 将设置的变量秘钥、系统认证url变量复位: ~]#unset OS_AUTH_URL OS_PASSWORD admin用户请求一个身份认证密令,访问时须要输入管理员秘钥: ~]#openstack --os-auth-url http://192.168.23.100:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue demo用户请求一个身份认证密令,访问时须要输入demo用户秘钥: ~]#openstack --os-auth-url http://192.168.23.100:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
5)在controll-node建立用户受权脚本,以便下次访问服务
admin用户受权脚本: ~]#vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=keystone export OS_AUTH_URL=http://192.168.23.100:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 ~]#chmod +x /data/admin-openrc demo用户受权脚本: ~]#vim /data/demo-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=demo export OS_AUTH_URL=http://192.168.23.100:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 ~]#chmd +x /data/demo-openrc 执行admin收取脚本测试访问 ~]#. admin-openrc ~]#openstack token issue
3.glance镜像服务部署
1)在mysql-node上建立glance数据库以及glance受权用户:
MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
2)controll-node执行glance服务相关命令
执行admin受权脚本,以admin身份访问: ~]#. admin-openrc 建立glance用户: ~]#openstack user create --domain default --password-prompt glance 将glance用户赋予admin管理员权限: ~]#openstack role add --project service --user glance admin 建立一个服务名为image的服务 ~]#openstack service create --name glance --description "OpenStack Image" image 建立endpoint ~]#openstack endpoint create --region RegionOne image public http://192.168.23.100:9292 #公有端点 ~]#openstack endpoint create --region RegionOne image internal http://192.168.23.100:9292 #私有端点 ~]#openstack endpoint create --region RegionOne image admin http://192.168.23.100:9292 #管理端点
3)controll-node安装glance镜像服务相关包并配置glance配置文件
~]#yum install openstack-glance -y ~]#vim /etc/glance/glance-api.conf [database] # ... connection = mysql+pymysql://glance:glance@192.168.1.41/glance #指定链接的数据库 [keystone_authtoken] # ... auth_uri = http://192.168.23.100:5000 auth_url = http://192.168.23.100:35357 memcached_servers = 192.168.1.41:11211 #指定memcached数据库服务 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance #glance服务的用户名 password = glance #glance服务的用户名密码 [paste_deploy] # ... flavor = keystone [glance_store] # ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ #镜像文件的路径 ~]#vim /etc/glance/glance-registry.conf [database] # ... connection = mysql+pymysql://glance:glance@192.168.1.41/glance #指定glance数据库 [keystone_authtoken] # ... auth_uri = http://192.168.23.100:5000 auth_url = http://192.168.23.100:35357 memcached_servers = 192.168.1.41:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = glance [paste_deploy] # ... flavor = keystone 生成表文件到mysql的glance数据库中: ~]# su -s /bin/sh -c "glance-manage db_sync" glance 启动glance多有的相关服务: ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service ~]#systemctl start openstack-glance-api.service openstack-glance-registry.service 执行admin权限脚本: ~]#. admin-openrc 下载cirros镜像文件: ~]# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img 将镜像文件加载到glance服务中: ~]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public 查看服务是否加成功: ~]#openstack image list
4.nova服务的部署
1)在mysql-node上建立nova相关数据库以及nova受权用户
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'nova123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'nova123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'nova123456';
2)controll-node执行nova服务的相关命令
执行admin受权脚本: ~]#. admin-openrc 建立nova用户: ~]#openstack user create --domain default --password-prompt nova 授予nova用户admin权限: ~]#openstack role add --project service --user nova admin 建立一个服务名为cpmpute的服务 ~]#openstack service create --name nova --description "OpenStack Compute" compute 建立enpoint: ~]#openstack endpoint create --region RegionOne compute public http://192.168.23.100:8774/v2.1 #公共端点 ~]#openstack endpoint create --region RegionOne compute internal http://192.168.23.100:8774/v2.1 # 私有端点 ~]#openstack endpoint create --region RegionOne compute admin http://192.168.23.100:8774/v2.1 # 管理端点 建立placement用户: ~]#openstack user create --domain default --password-prompt placement 将placement用户授予admin权限 ~]#openstack role add --project service --user placement admin 建立一个服务名为placement服务 ~]# openstack service create --name placement --description "Placement API" placement 建立endpoint: ~]#openstack endpoint create --region RegionOne placement public http://192.168.23.100:8778 #公共端点 ~]#openstack endpoint create --region RegionOne placement internal http://192.168.23.100:8778 # 私有端点 ~]#openstack endpoint create --region RegionOne placement admin http://192.168.23.100:8778 # 管理端点
3)在controll-node安装nova相关的包并配置nova的配置文件
~]#yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y
~]#vim /etc/nova/nova.conf
[api_database]
# ...
connection = mysql+pymysql://nova:nova123456@192.168.1.41/nova_api #指定nova_api数据
[database]
# ...
connection = mysql+pymysql://nova:nova123456@192.168.1.41/nova #指定nova数据库
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@192.168.1.41 #指定消息队列
my_ip = 192.168.23.100 管理节点ip,能够不启用
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver #禁用掉计算防火墙
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://192.168.23.100:5000
auth_url = http://192.168.23.100:35357
memcached_servers =192.168.1.41:11211 #指定memcached数据库
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova #nova服务的用户名
password = nova123456 #nova服务的用户名密码
[vnc]
enabled = true
# ...
vncserver_listen = $my_ip #指定vnc的监听地址
vncserver_proxyclient_address = $my_ip #指定vnc代理地址
[glance]
# ...
api_servers = http://192.168.23.100:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp #指定锁目录
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.23.100:35357/v3
username = placement
password = placement
~]#vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
从新启动httd服务:
~]#systemctl restart httpd
4)配置完成后,在controll-node 上执行导入数据命令并启动nova的全部服务
导入nova的表格数据到mysql中的nova对应的数据库: ~]#su -s /bin/sh -c "nova-manage api_db sync" nova ~]#su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova ~]#su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova ~]#su -s /bin/sh -c "nova-manage db sync" nova 查询cell单元: ~]#nova-manage cell_v2 list_cells 启动nova全部的相关服务: ~]#systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service ~]#systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
5)在compute-node部署nova服务
计算节点安装nova服务相关包并配置nova服务的配置文件: ~]#yum install openstack-nova-compute -y ~]#vim /etc/nova/nova.conf [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:openstack@192.168.1.41 my_ip = 192.168.23.201 #计算节点 [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_uri = http://192.168.23.100:5000 auth_url = http://192.168.23.100:35357 memcached_servers = 192.168.1.41:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = nova123456 [vnc] # ... enabled = True vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = $my_ip novncproxy_base_url = http://192.168.23.100:6080/vnc_auto.html [glance] # ... api_servers = http://192.168.23.100:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement]: # ... os_region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://192.168.23.100:35357/v3 username = placement password = placement 查看你的计算节点对虚拟机是否支持硬件,返回值为1时或比一大说明就支持 ~]#egrep -c '(vmx|svm)' /proc/cpuinfo 若是你的计算节点不支持虚拟机硬件加速就须要配置一下选项libvirt ~]#vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu
6)在compute-node完成以上的配置后启动nova服务
~]#systemctl enable libvirtd.service openstack-nova-compute.service ~]#systemctl start libvirtd.service openstack-nova-compute.service Note注意 If the nova-compute service fails to start, check /var/log/nova/nova-compute.log. The error message AMQP server on controller:5672 is unreachable likely indicates that the firewall on the controller node is preventing access to port 5672. Configure the firewall to open port 5672 on the controller node and restart nova-compute service on the compute node. 执行admin受权脚本: ~]#. admin-openrc 查看管理程序状态: ~]# openstack hypervisor list 查询计算主机并添加到cell库: ~]#su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova 若是须要添加一个新的计算节点须要在主节点上运行nova-manage cell_v2 discover_hosts 或者 ~]#vim /etc/nova/nova.conf [scheduler] discover_hosts_in_cells_interval = 300 #设置合适的时间间隔
7)配置完成后在controll-node上检查nova服务
~]#. admin-openrc 列出全部计算服务 ~]#openstack compute service list ~]#openstack catalog list ~]#openstack image list nova服务的升级状态检查: ~]#nova-status upgrade check
5.neutron网络服务的部署
1)在mysql-node上建立neutron数据库以及neutron服务的受权用户
MariaDB [(none)] CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
2)在controll-node上执行neutron服务的相关命令
执行admin受权脚本,以admin的身份执行命令 ~]#. admin-openrc 建立neutron用户: ~]#openstack user create --domain default --password-prompt neutron 将neutron用户属于admin权限 ~]#openstack role add --project service --user neutron admin 建立一个服务名为neutron,类型为network的网络服务: ~]#openstack service create --name neutron --description "OpenStack Networking" network 建立endpoint: ~]#openstack endpoint create --region RegionOne network public http://192.168.23.100:9696 #公共端点 ~]#openstack endpoint create --region RegionOne network internal http://192.168.23.100:9696 #私用端点 ~]#openstack endpoint create --region RegionOne network admin http://192.168.23.100:9696 #管理端点
3)在controll-node上安装neutron服务的相关包及配置相关的配置文件(这里一provider-network网络类型为例)
~]#yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y ~]#vim /etc/neutron/neutron.conf [database] # ... connection = mysql+pymysql://neutron:neutron123@192.168.1.41/neutron [DEFAULT] # ... core_plugin = ml2 service_plugins = transport_url = rabbit://openstack:openstack@192.168.1.41 auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... auth_uri = http://192.168.23.100:5000 auth_url = http://192.168.23.100:35357 memcached_servers = 192.168.1.41:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron [nova] # ... auth_url = http://192.168.23.100:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = nova [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp ~]#vim /etc/neutron/plugins/ml2/ml2_conf.ini #模块二层配置文件(model layer2) [ml2] # ... type_drivers = flat,vlan #分别启用flat(桥接网络)、vlan(虚拟局域网络) tenant_network_types = #为空表示禁用用户建立子网 mechanism_drivers = linuxbridge #机制驱动为桥接 extension_drivers = port_security #开启扩展驱动端口安全 [ml2_type_flat] # ... flat_networks = provider #指定的虚拟网络名称 [securitygroup] # ... enable_ipset = true ~]#vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:eth1 #物理网卡映射到eth1,其中发热provider为虚拟网络名,必须跟上面指定的flat_networks= 指定的虚拟网络名称相同 [vxlan] enable_vxlan = false #禁用vxlan技术,从而进制用户建立本身的网络 [securitygroup] #开启安全组能够限定外界主机的访问规则 # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver ~]#vim /etc/neutron/dhcp_agent.ini #dhcp代理服务 [DEFAULT] # ... interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true ~]#vim /etc/neutron/metadata_agent.ini [DEFAULT] # ... nova_metadata_ip = 192.168.23.100 metadata_proxy_shared_secret = 123456 ~]#vim /etc/nova/nova.conf [neutron] # ... url = http://192.168.23.100:9696 auth_url = http://192.168.23.100:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron service_metadata_proxy = true metadata_proxy_shared_secret = 123456 ……
4)配置完成后,在controll-node执行neutron网络服务的数据库导入初始化并开启neutron的全部服务
网络初始化脚本软链接: ~]#ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini 将neutron生成的表格导入mysql中的neutron数据库中: ~]#su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron 重启nova-api服务: ~]#systemctl restart openstack-nova-api.service 启动neutron网络服务的全部服务: ~]#systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service ~]#systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service 提供者网络模式工做在二层,无需开启此三层服务,此服务用在自服务网络模式下须要开启: ~]#systemctl enable neutron-l3-agent.service && systemctl start neutron-l3-agent.service
5)在compute-node部署neutron服务
在计算节点安装neutron服务的相关包并配置neutron配置文件 ~]#yum install openstack-neutron-linuxbridge ebtables ipset -y ~]#vim /etc/neutron/neutron.conf 在[database]下注释掉全部connection选项 [DEFAULT] # ... transport_url = rabbit://openstack:openstack@192.168.1.41 auth_strategy = keystone [keystone_authtoken] # ... auth_uri = http://192.168.23.100:5000 auth_url = http://192.168.23.100:35357 memcached_servers = 192.168.1.41:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp 选择和控制node相同的网络选项 ~]#vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:eth1 #此处的虚拟网卡名provider必须和控制节点保持一致 [vxlan] enable_vxlan = false #一样关闭VXlan [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver ~]#vim /etc/nova/nova.conf [neutron] # ... url = http://192.168.23.100:9696 auth_url = http://192.168.23.100:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron 重启nova服务: ~]#systemctl restart openstack-nova-compute.service 启动计算节点上的neutron服务: ~]#systemctl enable neutron-linuxbridge-agent.service && systemctl start neutron-linuxbridge-agent.service
6.部署仪表dashboard的web访问端
1)在controll-nod是上安装dashboard的相关包并配置dashboard的配置文件
~]#yum install openstack-dashboard -y
~]#vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "192.168.23.100" #指定主机
ALLOWED_HOSTS = ['*,'] #容许全部主机访问dashboard
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' #
CACHES = { #
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST #
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True #
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default" #
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" #
OPENSTACK_NEUTRON_NETWORK = { #
'enable_router': False,
'enable_quotas': False,
'enable_ipv6': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_***': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai" #时区设置
从新启动httpd服务和memcached服务
~]# systemctl restart httpd.service memcached.service
dashboard页面访问测试:
7.建立一个虚拟网络
1)执行admin权限脚本
~]#. admin-openrc
2) 建立一个共享外网的提供网络者的名称为provider,网络类型为flat,网络名称也为provider
~]#openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
3)在provider虚拟网络基础上建立一个子网络名称也为provider,分配的地址池为192.168.23.10-192.168.23.99 ,子网范围为192.168.23.0/24
~]#openstack subnet create --network provider --allocation-pool start=192.168.23.10,end=192.168.23.99 --dns-nameserver 192.168.23.1 --gateway 192.168.23.1 --subnet-range 192.168.23.0/24 provider
8.建立一个虚拟机实例两种方法
方法一:.直接在web建立
1)点击管理员先建立一实例类型
2)选择实例类型
3)点击建立实例类型
4)填写实例类型中的虚拟cpu个数、内存、盘大小等信息,再点击建立实例类型
5)查看建立好的实例类型
6)选择项目、在选择实例
7)选择建立实例node
8)填写建立的 虚拟机名称
9)选择镜像源cirrorspython
10)在选择建立好的实例类型,在点击右下角的实例建立 mysql
11)实例正在建立中,等待孵化,即将完成建立 linux
方法二:直接在控制节点命令行建立虚拟机创
1)建立虚拟机命令
~]#openstack server create --flavor m1.nano --image cirros --nic net-id=06a17cc8-57b8-4823-a6df-28da24061d8a --security-group default test-vm
2)命令选项注释
server create #建立一个虚拟机实例
--flavor #指定的实例类型即建立的虚拟机vcpu个数、内存大小、磁盘大小等配置信息
--nic net-id=指定的网络Id号,即虚拟机是基于网络的建立
--image 指定的镜像名称
default test-vm #指定默认的虚拟机名称为test-vm
相关文章
- 1. Openstack Queens 环境搭建(四)Glance服务
- 2. Openstack Queens 环境搭建(七)Horizon服务
- 3. Openstack Queens 环境搭建(六)Neutron服务
- 4. Openstack Queens 环境搭建(五)Nova服务
- 5. Openstack Queens 环境搭建(三)Keystone服务
- 6. 搭建openstack服务
- 7. OpenStack服务组件
- 8. openstack开发环境搭建
- 9. Openstack CI 环境搭建
- 10. OpenStack环境搭建准备
- 更多相关文章...
- • Swift 环境搭建 - Swift 教程
- • Rust 环境搭建 - RUST 教程
- • Spring Cloud 微服务实战(三) - 服务注册与发现
- • 互联网组织的未来:剖析GitHub员工的任性之源
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
欢迎关注本站公众号,获取更多信息
